X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=beg.php;h=531e8dbf719f7ce74c7bece01ae1c64896fad504;hp=9d1ef62d0895f25fff1abad51f92b0ef2e476836;hb=f36ab6ae1503ee54a7c9d0083a8089286d8b37ef;hpb=06c7c6a05e15658be2d6e70b1cbe4812c8e3dcf4 diff --git a/beg.php b/beg.php index 9d1ef62d08..531e8dbf71 100644 --- a/beg.php +++ b/beg.php @@ -46,7 +46,7 @@ $CSS = -1; $msg = null; // Load the required file(s) -require ("inc/config.php"); +require("inc/config.php"); // Is the "beg" extension active? if (!EXT_IS_ACTIVE("beg")) { @@ -58,38 +58,40 @@ if (!EXT_IS_ACTIVE("beg")) { if (isBooleanConstantAndTrue('mxchange_installed')) { // Check for userid if (!empty($_GET['uid'])) { - // Init user ID + // Init variables $uid = 0; + $result = false; + $points = 0; + + // Don't pay is the default... + $pay = false; // Validate if it is not a number - if ("".bigintval($_GET['uid'])."" !== "".$_GET['uid']."") { + if ("".($_GET['uid'] + 0)."" !== "".$_GET['uid']."") { if (EXT_IS_ACTIVE("nickname")) { // Maybe we have found a nickname? - $result = SQL_QUERY_ESC("SELECT userid, beg_clicks, ref_payout, status, last_online FROM "._MYSQL_PREFIX."_user_data WHERE nickname='%s' LIMIT 1", - array($_GET['uid']), __FILE__, __LINE__); + $result = SQL_QUERY_ESC("SELECT userid, beg_clicks, ref_payout, status, last_online FROM `"._MYSQL_PREFIX."_user_data` WHERE nickname='%s' LIMIT 1", + array($_GET['uid']), __FILE__, __LINE__); } else { // Nickname entered but nickname is not active $msg = CODE_EXTENSION_PROBLEM; $uid = -1; - $result = false; } } else { // Direct userid - $result = SQL_QUERY_ESC("SELECT userid, beg_clicks, ref_payout, status, last_online FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", - array(bigintval($_GET['uid'])), __FILE__, __LINE__); + $result = SQL_QUERY_ESC("SELECT userid, beg_clicks, ref_payout, status, last_online FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s LIMIT 1", + array(bigintval($_GET['uid'])), __FILE__, __LINE__); } // Check if locked in so don't pay points - $login = false; $status = "failed"; - if (IS_MEMBER()) { - // Logged in user detected! - $login = true; - } // END - if + $status = "failed"; // Check if account was found - if ((SQL_NUMROWS($result) == 1) && ($result != false)) { + if (SQL_NUMROWS($result) == 1) { // Found an ID so we simply set it list($uid, $clicks, $ref_payout, $status, $last) = SQL_FETCHROW($result); + + // Account confirmed? if ($status == "CONFIRMED") { // Secure userid $uid = bigintval($uid); @@ -100,10 +102,10 @@ if (isBooleanConstantAndTrue('mxchange_installed')) { // Multiply configured values with 100000 and divide with 100000 so we can also handle small values // If we need more number behind the decimal dot then we just need to increase all these three // numbers matching to the numbers behind the decimal dot. Simple! ;-) - $points = mt_rand(($_CONFIG['beg_points'] * 100000), ($_CONFIG['beg_points_max'] * 100000)) / 100000; + $points = mt_rand((getConfig('beg_points') * 100000), (getConfig('beg_points_max') * 100000)) / 100000; // Set nickname / userid for the template(s - define('__BEG_UID' , $_GET['uid']); + define('__BEG_UID' , SQL_ESCAPE($_GET['uid'])); define('__BEG_CLICKS', ($clicks + 1)); define('__BEG_BANNER', LOAD_TEMPLATE("beg_banner", true)); define('__BEG_POINTS', TRANSLATE_COMMA($points)); @@ -111,74 +113,97 @@ if (isBooleanConstantAndTrue('mxchange_installed')) { // Other status $uid = 0; } - } + } // END - if // Free memory SQL_FREERESULT($result); - if (($uid > 0) && ($_CONFIG['beg_uid'] != $uid)) { + // User id valid and not webmaster's id? + if (($uid > 0) && (getConfig('beg_uid') != $uid)) { // Update counter - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET beg_clicks=beg_clicks+1 WHERE userid=%s AND status='CONFIRMED' LIMIT 1", - array($uid), __FILE__, __LINE__); + SQL_QUERY_ESC("UPDATE `"._MYSQL_PREFIX."_user_data` SET beg_clicks=beg_clicks+1 WHERE userid=%s AND status='CONFIRMED' LIMIT 1", + array($uid), __FILE__, __LINE__); // Check for last entry for userid w/o IP number - $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_beg_ips WHERE (timeout > (UNIX_TIMESTAMP() - ".$_CONFIG['beg_timeout'].") OR (timeout > (UNIX_TIMESTAMP() - ".$_CONFIG['beg_uid_timeout'].") AND userid=%s)) AND remote_ip='%s' LIMIT 1", - array($uid, GET_REMOTE_ADDR()), __FILE__, __LINE__); - if ((SQL_NUMROWS($result) == 0) && ($points > 0) && (!$login)) { - // Free memory - SQL_FREERESULT($result); + $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_beg_ips WHERE (timeout > (UNIX_TIMESTAMP() - ".getConfig('beg_timeout').") OR (timeout > (UNIX_TIMESTAMP() - ".getConfig('beg_uid_timeout').") AND userid=%s)) AND (remote_ip='%s' OR sid='%s') LIMIT 1", + array($uid, GET_REMOTE_ADDR(), session_id()), __FILE__, __LINE__); + // Entry not found, points set and not logged in? + if (((SQL_NUMROWS($result) == 0) || (IS_ADMIN())) && ($points > 0) && (!IS_MEMBER()) && (getConfig('beg_pay_mode') == "NONE")) { + + // Admin is testing? if (!IS_ADMIN()) { // Remember remote address, userid and timestamp for next click // but only when there is no admin begging. // Admins shall be able to test it! - $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_beg_ips (userid, remote_ip, timeout) VALUES('%s','%s', UNIX_TIMESTAMP())", - array($uid, GET_REMOTE_ADDR()), __FILE__, __LINE__); - } - - // Set mode depending on how many mails the member has to confirm - $locked = false; - if (($ref_payout > 0) && ($_CONFIG['allow_direct_pay'] == "N")) $locked = true; - - // Is begging rallye active? - if ($_CONFIG['beg_rallye'] == "Y") { - // Add points to rallye account - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET beg_points=beg_points+%s WHERE userid=%s LIMIT 1", - array($points, $uid), __FILE__, __LINE__); + SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_beg_ips (userid, remote_ip,sid, timeout) VALUES ('%s','%s','%s', UNIX_TIMESTAMP())", + array($uid, GET_REMOTE_ADDR(), session_id()), __FILE__, __LINE__); + + // Was is successfull? + if (SQL_AFFECTEDROWS() == 1) { + // Okay! + $pay = true; + } // END - if } else { - // Add points to account - $DEPTH = 0; - ADD_POINTS_REFSYSTEM($uid, $points, false, "0", $locked, strtolower($_CONFIG['beg_mode'])); + // Is admin! + $pay = true; } - // Subtract begged points from member account if the admin has selected one - if ($_CONFIG['beg_uid'] > 0) { - // Subtract from this account - SUB_POINTS($_CONFIG['beg_uid'], $points); + // Pay points? + if ($pay) { + // Add points to user or begging rallye account + if (BEG_ADD_POINTS($uid, $points)) { + // Set "done" message + define('__BEG_MSG', LOAD_TEMPLATE("beg_done", true)); + } else { + // Error! + define('__BEG_MSG', LOAD_TEMPLATE("beg_failed", true)); + } + } else { + // Error! + define('__BEG_MSG', LOAD_TEMPLATE("beg_failed", true)); } - - // Set message - define('__BEG_MSG', LOAD_TEMPLATE("beg_done", true)); - } elseif ($login) { + } elseif (IS_MEMBER()) { // Logged in user found! define('__BEG_MSG', LOAD_TEMPLATE("beg_login", true)); - - // Free memory - SQL_FREERESULT($result); + } elseif (getConfig('beg_pay_mode') != "NONE") { // Other pay-mode active! + // Prepare content for template + $content = array( + 'clicks' => __BEG_CLICKS, + 'points' => __BEG_POINTS, + 'uid' => __BEG_UID + ); + + // Load message template depending on pay-mode + define('__BEG_MSG', LOAD_TEMPLATE("beg_pay_mode_".strtolower(getConfig('beg_pay_mode')), true, $content)); + $pay = true; } else { - // Free memory - SQL_FREERESULT($result); - // Clicked received while reload lock is active define('__BEG_MSG', LOAD_TEMPLATE("beg_failed", true)); } + // Free memory + SQL_FREERESULT($result); + // Include header require_once(PATH."inc/header.php"); // Load final template LOAD_TEMPLATE("beg_link"); + // Tracker code enabled? (We don't track users here! + if ((getConfig('beg_pay_mode') != "NONE") && ($pay)) { + // Prepare content for template + $content = array( + ); + + // Include config-depending template + LOAD_TEMPLATE("beg_pay_code_".strtolower(getConfig('beg_pay_mode')), false, $content); + } elseif ((!$pay) && (!defined('__BEG_MSG'))) { + // Cannot pay! :-( + define('__BEG_MSG', LOAD_TEMPLATE("beg_failed", true)); + } + // Include footer require_once(PATH."inc/footer.php"); } elseif (($status != "CONFIRMED") && ($status != "failed")) { @@ -189,8 +214,8 @@ if (isBooleanConstantAndTrue('mxchange_installed')) { } } elseif (($uid == "0") || ($status == "failed")) { // Inalid or locked account, so let's find out - $result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE nickname='%s' LIMIT 1", - array($_GET['uid']), __FILE__, __LINE__); + $result = SQL_QUERY_ESC("SELECT userid FROM `"._MYSQL_PREFIX."_user_data` WHERE nickname='%s' LIMIT 1", + array($_GET['uid']), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { // Locked account $msg = CODE_ACCOUNT_LOCKED; @@ -201,7 +226,7 @@ if (isBooleanConstantAndTrue('mxchange_installed')) { // Free memory SQL_FREERESULT($result); - } elseif ($uid == $_CONFIG['beg_uid']) { + } elseif ($uid == getConfig('beg_uid')) { // Webmaster's ID cannot beg for points! $msg = CODE_BEG_SAME_AS_OWN; }